research-article

Efficient dynamic access analysis using JavaScript proxies

Published: 28 October 2013

Abstract

JSConTest introduced the notions of effect monitoring and dynamic effect inference for JavaScript. It enables the description of effects with path specifications resembling regular expressions. It is implemented by an offline source code transformation.

To overcome the limitations of the JSConTest implementation, we redesigned and reimplemented effect monitoring by taking advantage of JavaScript proxies. Our new design avoids all drawbacks of the prior implementation. It guarantees full interposition; it is not restricted to a subset of JavaScript; it is self-maintaining; and its scalability to large programs is significantly better than with JSConTest.

The improved scalability has two sources. First, the reimplementation is significantly faster than the original, transformation-based implementation. Second, the reimplementation relies on the fly-weight pattern and on trace reduction to conserve memory. Only the combination of these techniques enables monitoring and inference for large programs.
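
The abstract describes monitoring property accesses through proxies and stating permitted effects as regex-like path specifications. The sketch below is an added illustration of that idea, not code from the paper or its implementation; `monitor`, `check`, the dotted-path notation matched by `RegExp`, and the sample `session` object are assumptions made here.

```javascript
// Added illustration, not the paper's implementation. monitor(), check() and the
// dotted-path notation matched by RegExp are assumptions made for this sketch.
function monitor(root, rootName) {
  const effects = { read: new Set(), write: new Set() };
  const cache = new WeakMap(); // target -> Map(path -> proxy): one proxy per (object, path)
  function wrap(target, path) {
    // Only objects are wrapped here; primitives and functions pass through.
    if (target === null || typeof target !== 'object') return target;
    let byPath = cache.get(target);
    if (!byPath) cache.set(target, (byPath = new Map()));
    if (!byPath.has(path)) byPath.set(path, new Proxy(target, handler(path)));
    return byPath.get(path);
  }
  const handler = (path) => ({
    get(t, key, receiver) {
      const value = Reflect.get(t, key, receiver);
      if (typeof key === 'symbol') return value;
      effects.read.add(`${path}.${key}`);
      return wrap(value, `${path}.${key}`); // keep interposing on nested objects
    },
    set(t, key, value, receiver) {
      if (typeof key !== 'symbol') effects.write.add(`${path}.${key}`);
      return Reflect.set(t, key, value, receiver);
    },
    deleteProperty(t, key) {
      if (typeof key !== 'symbol') effects.write.add(`${path}.${key}`);
      return Reflect.deleteProperty(t, key);
    },
  });
  return { proxy: wrap(root, rootName), effects };
}

// Paths not matched by any permitted specification are reported as violations.
function check(effects, spec) {
  const uncovered = (paths, allowed) =>
    [...paths].filter((p) => !allowed.some((re) => re.test(p))).sort();
  return { read: uncovered(effects.read, spec.read), write: uncovered(effects.write, spec.write) };
}

// Constructed sample: a session object handed to third-party code.
function runSample() {
  const session = { user: { name: 'alice', token: 'constructed-token' }, cart: { items: [] } };
  const { proxy, effects } = monitor(session, 'session');
  const thirdParty = (s) => { s.cart.items.push('book'); s.user.lastSeen = s.user.token; };
  thirdParty(proxy);
  const spec = { read: [/^session\.cart(\..*)?$/, /^session\.user$/], write: [/^session\.cart\..*$/] };
  return { proxy, effects, session, violations: check(effects, spec) };
}
```

Proxy invariants forbid returning a wrapped value for a non-configurable, non-writable property, so frozen objects need separate handling that this sketch leaves out.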



Published in

ACM SIGPLAN Notices, Volume 49, Issue 2 (DLS '13)
February 2014, 105 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2578856

DLS '13: Proceedings of the 9th symposium on Dynamic languages
October 2013, 118 pages
ISBN: 9781450324335
DOI: 10.1145/2508168

Copyright © 2013 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
